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DETAILED ACTION 
Remarks 

1. In response to communications filed on 06-June-2005, claims 25, 34, and 43 are amended 
per applicant's request. Claims 25-51 are presently pending in the application. 

Claim Rejections - 35 USC §103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

3. Claims 25-28, 30-37, 39-46, and 48.51 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Zizzi (U.S. patent No. 6,185,681) in view of McBride (U.S. patent No. 
6,292,899 Bl), and further in view of Sutter (U.S. patent No. 5,924,094). 

As to claim 25 Zizzi teaches a method for managing encryption within a database system, 
wherein encryption is performed automatically and transparently to a user of the database system 
(see abstract), the method comprising: 

receiving a request at the database system to store data in the database system (see figure 

4. step 415); 

wherein the request is directed to storing data in a portion of the database system that has 
been designated as encrypted (see figure 4 step 430, where the decision is "Yes"); 
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in response to receiving the request: 

creating a digest of the data, wherein the digest is a cryptographic function 
of the data (see column 3, lines 29-37, where MD5 is an algorithm well known in the art 
used to verify data integrity using a 128-bit message digest of the input), and 

automatically encrypting data within the database system using an 
encryption function to produce an encrypted data (see figure 4, step 460), wherein 
using an encryption function involves using an encryption key recovered from a 
keyfile stored within memory of a server of the database system (see column 7, 
line 55 through column 8, line 20); and 
storing the encrypted data in the database system (see column 7, lines 15-21); 
wherein the digest is used to detect tampering with the encrypted data (see column 3, 
lines 29-37). 

Zizzi does not teach wherein the portion of the database system that has been designated 
as encrypted is one or more columns of the database system. 

Sutter teaches an independent distributed database system where users at local sites can 
work offline with local data (see abstract), in which he teaches wherein the portion of the 
database system that has been designated as encrypted is one or more columns of the database 
system (see column 59, lines 10-16). 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Zizzi as modified, by the teachings of Sutter because 
wherein the portion of the database system that has been designated as encrypted is one or more 
columns of the database system would keep unauthorized users from deciphering the encrypted 
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column of the database system and would allow columns with similar subject matter (all columns 
with phone numbers) to be encrypted with the same key while allowing columns of a different 
subject matter to be encrypted with another key (all columns with financial data). This would 
allow varying levels of access to different columns based on the key that is available to the user 
(see Sutter , column 59, line 10 through column 60, line 25). 

Zizzi still does not teach wherein using the encryption function involves using an 
encryption key recovered from an obfuscated copy of the keyfile stored within volatile memory. 

McBride teaches a data security system that uses a volatile key apparatus to manage 
access to a file (see abstract), in which he teaches wherein using the encryption function involves 
using an encryption key recovered from an obfuscated copy of the keyfile stored within volatile 
memory (see column 6, lines 41-45). 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Zizzi by the teachings of McBride because wherein using 
the encryption function involves using an encryption key recovered from an obfuscated copy of 
the keyfile stored within volatile memory would prevent access to the information that is 
encrypted (see McBride , abstract). 

As to claim 34, Zizzi teaches a computer-readable storage medium storing instructions 
that when executed by a computer causes the computer to perform a method for managing 
encryption within a database system, wherein encryption is performed automatically and 
transparently to a user of the database system (see abstract, where "instructions" are read on 
"software module", and it is inherent that the software must be stored on some medium), the 
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method comprising: 

receiving a request at the database system to store data in the database system (see figure 
4, step 415); 

wherein the request is directed to storing data in a portion of the database system that has 
been designated as encrypted (see figure 4, step 430, where the decision is "Yes"); 
in response to receiving the request: 

creating a digest of the data, wherein the digest is a cryptographic function 
of the data (see column 3, lines 29-37, where MD5 is an algorithm well known in the art 
used to verify data integrity using a 128-bit message digest of the input), and 

automatically encrypting data within the database system using an 
encryption function to produce an encrypted data (see figure 4, step 460) wherein 
using an encryption function involves using an encryption key recovered from a 
keyfile stored within memory of a server of the database system (see column 7, 
line 55 through column 8, line 20) wherein using an encryption function involves 
using an encryption key recovered from a keyfile stored within memory of a 
server of the database system (see column 7, line 55 through column 8, line 20); 
and 

storing the encrypted data in the database system (see column 7, lines 15-21); 
wherein the digest is used to detect tampering with encrypted data (see column 3, lines 

29-37). 

Zizzi does not teach wherein the portion of the database system that has been designated 
as encrypted is one or more columns of the database system. 
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Sutter teaches wherein the portion of the database system that has been designated as 
encrypted is one or more columns of the database system (see column 59, lines 10-16). 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Zizzi as modified, by the teachings of Sutter because 
wherein the portion of the database system that has been designated as encrypted is one or more 
columns of the database system would keep unauthorized users from deciphering the encrypted 
column of the database system and would allow columns with similar subject matter (all columns 
with phone numbers) to be encrypted with the same key while allowing columns of a different 
subject matter to be encrypted with another key (all columns with financial data). This would 
allow varying levels of access to different columns based on the key that is available to the user 
(see Sutter , column 59, line 10 through column 60, line 25). 

Zizzi still does not teach wherein using the encryption function involves using an 
encryption key recovered from an obfuscated copy of the keyfile within volatile memory. 

McBride teaches wherein using the encryption function involves using an encryption key 
recovered from an obfuscated copy of the keyfile stored within volatile memory (see column 6, 
lines 41-45). 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Zizzi by the teachings of McBride because wherein using 
the encryption function involves using an encryption key recovered from an obfuscated copy of 
the keyfile stored within volatile memory would prevent access to the information that is 
encrypted (see McBride , abstract). 
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As to claim 43, Zizzi teaches an apparatus that facilitates managing encryption within a 
database system, wherein encryption is performed automatically and transparently to a user of 
the database system (see abstract), comprising: 

a receiving mechanism that is configured to receive a request at the database system to 
store data in the database system (see column 8, lines 32-41); 

wherein the request is directed to storing data in a portion of the database system that has 
been designated as encrypted (see figure 4, step 430, where the decision is "Yes"); 

a digest creating mechanism configured to create a digest of the data, wherein the digest 
is a cryptographic function of the data (see column 3, lines 29-37, where MD5 is an algorithm 
well known in the art used to verify data integrity using a 128-bit message digest of the input); 

an encrypting mechanism that is configured to automatically encrypt data within the 
database system using an encryption function to produce an encrypted data (see column 9, lines 
20-3 1), wherein using the encryption function involves using an encryption key recode from a 
keyfile stored within memory of a server of the database system (see column 7, line 55 through 
column 8, line 20); and 

a storing mechanism that is configured to store the encrypted data in the database system 
(see column 7, lines 15-21) 

wherein the digest is used to detect tampering with the encrypted data (see column 3, 
lines 29-37). 

Zizzi does not teach wherein the portion of the database system that is designated as 
encrypted is one or more columns of the database system. 
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Sutter teaches wherein the portion of the database system that has been designated as 
encrypted is one or more columns of the database system (see column 59, lines 10-16). 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Zizzi as modified, by the teachings of Sutter because 
wherein the portion of the database system that has been designated as encrypted is one or more 
columns of the database system would keep unauthorized users from deciphering the encrypted 
column of the database system and would allow columns with similar subject matter (all columns 
with phone numbers) to be encrypted with the same key while allowing columns of a different 
subject matter to be encrypted with another key (all columns with financial data). This would 
allow varying levels of access to different columns based on the key that is available to the user 
(see Sutter , column 59, line 10 through column 60, line 25). 

Zizzi still does not teach wherein using the encryption function involves using an 
encryption key recovered from an obfuscated copy of a keyfile stored within volatile memory. 

McBride teaches wherein using the encryption function involves using an encryption key 
recovered from an obfuscated copy of a keyfile stored within volatile memory (see column 6, 
lines 41-45). 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Zizzi by the teachings of McBride because wherein using 
the encryption function involves using an encryption key recovered from an obfuscated copy of a 
keyfile within stored volatile memory would prevent access to the information that is encrypted 
(see McBride . abstract). 
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As to claims 26, 35, and 44, Zizzi as modified, teaches 

wherein the encryption function uses a key stored in a keyfile managed by a security 
administrator (see Zizzi . column 9, lines 25-30); and 

wherein the encrypted data is stored using a storage function of the database system (see 
Zizzi , column 9, lines 32-37). 

As to claims 27, 36, and 45, Zizzi as modified, teaches further comprising: 
receiving a request to retrieve data from the column of the database system (see Zizzi , 
column 9, lines 44-59); 

if the request to retrieve data is received from a database administrator, preventing the 
database administrator from decrypting the encrypted data; if the request to retrieve data is 
received from the security administrator, preventing the security administrator from decrypting 
the encrypted data; and if the request to retrieve data is from an authorized user of the database 
system, allowing the authorized user to decrypt the encrypted data (see Zizzi . column 9, lines 40- 
43, where any user that does not have authorization to decrypt the data will not be authorized to 
decrypt it). 

As to claims 28, 37, and 46, Zizzi as modified teaches data encryption standard (DES) 
and triple DES as a mode of encryption (see Zizzi , column 3, lines 29-37). 

Zizzi as modified, still does not teach wherein the security administrator selects a mode 
of encryption for the column. 
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Sutter teaches wherein the security administrator selects a mode of encryption for the 
column (see column 59, lines 11-14). 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Zizzi as modified, by the teachings of Sutter because 
wherein the security administrator selects a mode of encryption for the column would allow the 
security manager to select various methods of encryption strengths depending on the importance 
of the file. 

As to claims 30, 39, and 48, Zizzi as modified, teaches wherein managing the keyfile 
includes, but is not limited to: 

establishing a relationship between a key identifier and he. key stored in the keyfile (see 
Zizzi , column 6, lines 3-6); 

storing the keyfile in one of, 

an encrypted file in the database system, and a location separate from the database 

system (see Zizzi , column 6, lines 1-2); 

Zizzi as modified, still does not teach creating the keyfile; establishing a plurality of keys 
to be stored in the keyfile; and moving an obfuscated copy of the keyfile to a volatile memory 
within a server associated with the database system. 

McBride teaches creating the keyfile; establishing a plurality of keys to be stored in the 
keyfile (see column 1, lines 6-10); and moving the obfuscated copy of the keyfile to the volatile 
memory within a server associated with the database system (see column 6, line 46-62). 

It would have been obvious to a person having ordinary skill in the art at the time the 
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invention was made to have modified Zizzi as modified, by the teachings of McBride because 
creating the keyfile, and establishing a plurality of keys to be stored in the keyfde would 
safeguard the confidential data that is in the memory (see McBride . abstract); and because 
moving an obfuscated copy of the keyfile to a volatile memory within a server associated with 
the database system would allow the user to access the encrypted data after the device has been 
tampered with and the memory has been erased (see McBride . abstract). 

As to claims 3 1, 40, and 49, Zizzi as modified, still does not teach wherein the key 
identifier associated with the column is stored as metadata associated with a table containing the 
column within the database system. 

Sutter teaches wherein the key identifier associated with the column is stored as metadata 
associated with a table containing the column within the database system (see column 59, line 29 
through 60, line 25). 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Zizzi as modified, by the teachings of Sutter because 
wherein the key identifier associated with the column is stored as metadata associated with a 
table containing the column within the database system would allow the same key to be used 
with the same key algorithm to encrypt multiple columns of the same table or multiple columns 
in different tables (see Sutter , column 60, lines 20-24). 



As to claims 32, 41, and 50 Zizzi as modified, teaches further comprising establishing 
encryption parameters for the column (see Sutter , column 60, lines 1-10), wherein encryption 
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parameters include encryption mode, key length, and integrity type (see Sutter , column 59, line 
10-15, where different types of encryption are used to verify the integrity of the file) by: 

entering encryption parameters for the column manually (see Zizzi . column 7, line 64 
through column 8, line 6); and 

recovering encryption parameters for the column from a profile table in the database 
system (see Zizzi , column 8, lines 59-67). 

As to claims 33, 42, and 51, Zizzi as modified, teaches wherein upon receiving a request 
from the security administrator specifying the column to be encrypted (see Sutter , column 60, 
lines 1-26, where "administrator" is read on "designer"), if the column currently contains data, 
the method further comprises: 

decrypting the column using an old key if the column was previously encrypted (it is 
obvious to one skilled in the art that the column would have to be decrypted before the old key 
could be discarded); and 

encrypting the column using a new key (see Sutter, column 60, lines 1-19). 

4. Claims 29, 38, and 47 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Zizzi (U.S. patent No. 6,185,681 Bl) in view of McBride (U.S. patent No. 6,292,899 Bl) in 
further view of Sutter (U.S. patent No. 5,924,094) as applied to claims 25-28, 30-37, 39-46, and 
48-51 above, and further in view of Brogliatti et al. (U.S. patent No. 6,564,225 Bl). 



As for claims 29, 38, and 47, Zizzi as modified, still does not teach wherein the security 
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administrator, a database administrator, and a user administrator are distinct roles, and wherein a 
person selected for one of these roles is not allowed to be selected for another of these roles. 

Brogliatti et al. teaches wherein the security administrator, a database administrator, and 
a user administrator are distinct roles, and wherein a person selected for one of these roles is not 
allowed to be selected for another of these roles (see column 5, lines 10-24). 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Zizzi as modified, by the teachings of Brogliatti et al. 
because wherein the security administrator, a database administrator, and a user administrator are 
distinct roles, and wherein a person selected for one of these roles is not allowed to be selected 
for another of these roles would protect important corporate assets (see Brogliatti et al. , column 
5, lines 10-14). 

Response to Arguments 
5. Applicant's arguments filed 06-June-2005 have been fully considered but they are not 
persuasive. 

In response to the applicant's arguments that "the present invention is specifically 
directed towards encrypting or decrypting data on the database system", the arguments have been 
fully considered but are not deemed persuasive. The applicant has amended the claim to include 
a limitation that requires the encryption key to be stored on a server of the database system, but 
this language only requires the key to be stored on a server that is part of the same system as the 
database not that the key be stored on the same computer as the database. The claims are given 
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their broadest reasonable interpretation during examination (see M.P.E.P. 2106). Since Zizzi 
discloses a "crypto server" to be a software module (on the client) which handles the encrypting 
and has access to smart card which has the encryption key stored on it (see column 7, line 55 
through column 8, line 20), it is reasonable for the examiner to interpret this server to be the 
"server of the database system" claimed in the claims. The server is part of the database system 
because all the computers are connected by a network to make one system as seen in figure 1 and 
referenced in column 3, line 12 through column 4, line 8). Zizzi is modified by McBride to teach 
storing a obfuscated copy of a keyfile in volatile memory instead of on a smart card. This is a 
reasonable modification of Zizzi because both Zizzi and McBride are performing encryption on a 
personal computer and placing the keyfile in a volatile key apparatus would increased security in 
protecting the key. 

In response to the applicant's arguments that "the invention of Zizzi requires a smart card 
reader to provide the encryption/decryption keys", the arguments have been fully considered but 
are not deemed persuasive. The applicant is arguing the references individually; one cannot 
show nonobviousness by attacking references individually where the rejections are based on 
combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re 
Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 

Conclusion 

6. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 . 136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1. 136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jacob F. Betit whose telephone number is (571) 272-4075. The 
examiner can normally be reached on Monday through Friday 9 am to 5 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Charles Rones can be reached on (571) 272-4085. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 



jfb 

10 Aug 2005 




CHARLES RONES 
PRIMARY EXAMINER 



